Follow us

Description:https://www.defcon.org/images/defcon-16/dc16-presentations/defcon-16-harbour.pdf This presentation discusses the techniques employed by a new anti-reverse engineering tool named PE-Scrambler. Unlike a traditional executable packer which simply compresses or encrypts the original executable, this tool has the ability to permanently modify the compiled code itself. With the ability to modify compiled programs at the instruction level a vast array of Anti-Reverse Engineering techniques are possible that would traditionally have been performed only by hand by seasoned hackers. In addition to thwarting a would-be reverse engineer, the tool has the ability to randomly modify code in a program in a fashion that keeps the functionality of the program in-tact. This is useful for modifying a program to defeat signature recognition algorithms such as those used in Anti-Virus programs. In this presentation we will discuss several of these Anti-Reverse Engineering and Polymorphic techniques in depth. A new technique and tool for detecting armored and packed binaries will also be discussed and demonstrated.

In addition to learning about two new security tools, attendees will learn state-of-the-art anti-disassembly and anti debugging techniques. Attendees' eyes will be opened to the vast world of possibility that lies in the future for binary armoring and develop a true contempt for the binary packers of today

Disclaimer: We are a infosec video aggregator and this video is linked from an external website. The original author may be different from the user re-posting/linking it here. Please do not assume the authors to be same without verifying.